Can this skill be used in CI/CD workflows?

While designed for Claude Code, its structured JSON output and script-based execution make it ideal for integration into automated security gates and deployment pipelines.

Does it provide actionable fixes?

Yes, every generated report includes a prioritized recommendation list to help developers address vulnerabilities based on their severity level.

What vulnerabilities does this skill detect?

It specifically scans for hardcoded secrets, credentials, command injection, path injection, and common security flaws aligned with the OWASP Top 10.

How is the security risk score calculated?

The skill uses a deterministic scoring system ranging from 0 to 10 based on the severity and exploitability of the detected patterns.

PopKit Security Assessment

Name: PopKit Security Assessment
Author: jrc1883

byjrc1883

安全与测试

Validates software security posture through automated secret scanning and OWASP-aligned vulnerability patterns.

关于

The PopKit Security Assessment skill provides a comprehensive audit framework for identifying vulnerabilities within plugins and codebases. By leveraging automated scripts for secret detection and injection scanning, alongside machine-readable OWASP checklists, it offers a deterministic approach to software security. This skill is essential for developers who need to generate reproducible security reports, calculate risk scores, and ensure compliance with industry standards before code hits production.

主要功能

JSON-based reporting with prioritized remediation steps
Deterministic risk scoring and severity classification
Automated secret and credential leak scanning
OWASP Top 10 aligned security checklists
Injection pattern detection for commands and paths
0 GitHub stars

使用场景

Benchmarking project security against OWASP standards
Scanning source code for accidentally hardcoded API keys
Performing a pre-release security audit on new plugins

关于

主要功能

JSON-based reporting with prioritized remediation steps
Deterministic risk scoring and severity classification
Automated secret and credential leak scanning
OWASP Top 10 aligned security checklists
Injection pattern detection for commands and paths
0 GitHub stars

使用场景

Benchmarking project security against OWASP standards
Scanning source code for accidentally hardcoded API keys
Performing a pre-release security audit on new plugins